Certified Information Systems Auditor (CISA) — Question 472

Which of the following is MOST important for an IS auditor to review when assessing the integrity of encryption controls for data at rest?

Answer options

• A. Protection of encryption keys
• B. Encryption of test data
• C. Frequency of encryption key changes
• D. Length of encryption keys

Correct answer: A

Explanation

The protection of encryption keys is crucial because it directly affects the security of the encrypted data; if keys are compromised, the encryption becomes ineffective. While the other options are important, they do not have as direct an impact on the overall integrity of encryption controls as the safeguarding of the keys themselves.